On Wed, 10 Dec 2025 20:54:09 GMT, Artur Barashev <[email protected]> wrote:
>> src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java line
>> 210:
>>
>>> 208:
>>> 209: if (socket instanceof SSLSocket sslSocket &&
>>> sslSocket.isConnected()) {
>>> 210: session = sslSocket.getHandshakeSession();
>>
>> subtle change in the refactoring now that the session non-null check is
>> delayed until the new `findTrustedCertificate` call.
>> The `SSLAlgorithmConstraints.forEngine/forSocket/forQUIC` methods also
>> reference the session before the `findTrustedCertificate` call . Have you
>> ensured that a null session can't cause issue there ?
>
> Yes, we have a check for session not being null there: `session instanceof
> ExtendedSSLSession`
fair enough. SupportedSignatureAlgorithmConstraints constructor caters for
this scenario at moment.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28275#discussion_r2611715401
